{"id":533,"date":"2021-10-05T13:32:00","date_gmt":"2021-10-05T11:32:00","guid":{"rendered":"https:\/\/www.zefat.nl\/?p=533"},"modified":"2021-10-06T09:59:57","modified_gmt":"2021-10-06T07:59:57","slug":"fortilink-lacp-to-hardware-switch","status":"publish","type":"post","link":"https:\/\/www.zefat.nl\/index.php\/2021\/10\/05\/fortilink-lacp-to-hardware-switch\/","title":{"rendered":"fortilink LACP to Hardware Switch"},"content":{"rendered":"\n

If you have 2 (or more) 100 Series FortiSwitches <\/strong>(which are not MCLAG <\/strong>capable) and you want to be able to update them without interrupting all traffic towards your FortiGate (as they are mostly daisy chained), you can change the 802.3ad Aggregate<\/strong> (which is the default setting) of a fortilink <\/strong>to a Hardware Switch<\/strong><\/p>\n\n\n\n

The issue is that Port B goes on, and off immediately.<\/p>\n\n\n\n

\"\"
(fortilink daisy chained) <\/figcaption><\/figure><\/div>\n\n\n\n

Normal, from a default point of view the FortiGate fortilink <\/strong>is an 802.3ad Aggregate<\/strong>.<\/p>\n\n\n\n

\"\"
(fortilink Aggreggate) <\/figcaption><\/figure><\/div>\n\n\n\n

<\/p>\n\n\n\n

\"\"
(fortilink hardware switch)<\/figcaption><\/figure><\/div>\n\n\n\n

But if you want to be able to update a FortiSwitch<\/strong>, and it not MCLAG <\/strong>capable (so no redundancy) you want the Aggregate <\/strong>to be a Hardware Switch<\/strong>.<\/p>\n\n\n\n

To change the Aggregate <\/strong>to an Hardware Switch<\/strong> here are the pointers to change in the config:<\/p>\n\n\n\n

  1. Make a backup of the config from your FortiGate<\/strong>.<\/li>
  2. Choose your editor to change following.<\/li><\/ol>\n\n\n\n

    Change the interface:<\/h3>\n\n\n\n
    config system interface\n    edit \"fortilink\"\n        set vdom \"root\"\n        set fortilink enable\n        set ip 169.254.1.1 255.255.255.0\n        set allowaccess ping fabric\n        set type aggregate\n        set member \"a\" \"b\"\n        set lldp-reception enable\n        set lldp-transmission enable\n    next\nend<\/code><\/pre>\n\n\n\n
    Should become:<\/h5>\n\n\n\n
    config system interface\n    edit \"fortilink\"\n        set vdom \"root\"\n        set fortilink enable\n        set ip 169.254.1.1 255.255.255.0\n        set type hard-switch\n        set allowaccess ping fabric\n        set device-identification enable\n        set lldp-reception enable\n        set lldp-transmission enable\n    next\nend<\/code><\/pre>\n\n\n\n
    Create the hardware switch:<\/h3>\n\n\n\n
    config system virtual-switch\n    edit \"fortilink\"\n        set physical-switch \"sw0\"\n        config port\n            edit \"a\"\n            next\n            edit \"b\"\n            next\n        end\n    next\nend<\/code><\/pre>\n\n\n\n
    Make sure you have NTP enabled in the new interface, as FortiLink depends highly on it.<\/h4>\n\n\n\n
    config system ntp\n    set ntpsync enable\n    set server-mode enable\n    set interface \"fortilink\"\nend<\/code><\/pre>\n\n\n\n
    Recreate your DHCP server (or check).<\/h3>\n\n\n\n
    config system dhcp server\n    edit 2\n        set dns-service default\n        set ntp-service local\n        set default-gateway 169.254.1.1\n        set netmask 255.255.255.0\n        set interface \"fortilink\"\n        config ip-range\n            edit 1\n                set start-ip 169.254.1.2\n                set end-ip 169.254.1.254\n            next\n        end\n    next\nend<\/code><\/pre>\n\n\n\n
    Restore your config into your FortiGate<\/strong>. After this is done, you should have a Hardware Switch<\/strong>. You can connect each separate port to a separate switch.<\/p>\n\n\n\n
    **NOTE: <\/strong>Make sure you do not connect the switches to each other, as you will create a loop.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"
    If you have 2 (or more) 100 Series FortiSwitches (which are not MCLAG capable) and you want to be able…<\/p>\n","protected":false},"author":1,"featured_media":548,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[18,16,19],"tags":[21,14,22],"_links":{"self":[{"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/posts\/533"}],"collection":[{"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/comments?post=533"}],"version-history":[{"count":11,"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/posts\/533\/revisions"}],"predecessor-version":[{"id":574,"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/posts\/533\/revisions\/574"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/media\/548"}],"wp:attachment":[{"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/media?parent=533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/categories?post=533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zefat.nl\/index.php\/wp-json\/wp\/v2\/tags?post=533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}